Help with virus or other issue

I have a terminal that has something and I just can't figure it out. I am getting pop ups like mad. I cannot get into Symantec or Malwarebytes. It keeps telling me the link is broken. I tried to navigate to the web site to redownload and it redirects me. I tried to boot in safe mode and when I hit enter to boot in safe mode with networking it just gets stuck in a reboot loop and never boots. I can boot in normal mode but I cannot get to anything. So I can't run anything to see what I have going on. I tried running from a CD and jump drive and it won't let me open the .exe.

Where should I start with this?

They are inducing labor on my wife tomorrow so I might not get to reply for a couple days but at least you guys can give me some ideas for when I get the terminal in my hands again.

Congratulations :)

See if you are able to download the attached FindWPP.zip and Extract the FindWpp Folder from the ZIP to your Desktop.
In the FindWPP folder, you'll see RunThis.bat.
Run it, if you are able.
A log should pop up after a bit. Please post that for me.

I cannot boot in safe mode and I cannot run certain files off of a jump drive. I can run HJT and create a log file. That is about it. Nothing but popups that say your computer is infected. I was able to download malwarebytes but I cannot run it. It just says it can't find the link.

First, run RKILL. You only need to run it once. If it runs successfully, a black screen will appear and then disappear.
If one doesn't run (you get an error message), try the next and so on until one runs.

Once RKILL runs, immediately start MBAM and do the quick scan. Remove what it finds and post the log.

I was actually able to download that program and it started to run then the computer completely locked up. I had to force a shut down and now it gets stuck at "preparing network connections" and that is it. I still can't boot in safe mode. I have no idea how to get my desktop back let alone do anything.

I might need to correct the last post. I do have the screen that says "Please wait..." and I can hear the hard drive ticking away so it might be doing something. It has been like that for about 5 minutes now. How long will it take to return a log?

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here and try again to run it and let us know.

So I uninstalled MBAM and reinstalled it and I still get the same error. Is there any other way to get MBAM to install and run?

Let's try something different first:
Please Download Win32kDiag from a linky below and place it on the Desktop of the ill compy.
• http://ad13.geekstogo.com/Win32kDiag.exe
• http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe
-- DoubleClick on Win32kDiag.exe to run it. Let it run for as long as it needs to.
-- When it says Finished – Press any key to exit, do that to exit the program.
-- You should now have a Win32kDiag.txt on your Desktop. Please post the entire log for me and we'll go from there. Be sure to let it run until it says "Finished" before posting the log!

What I want you to do, though, is this:
When you download it and it asks you to "Save File As," rename combofix to iexplore.exe and then download it and see if you can place it on the Desktop of the ill machine.
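The thread's symptoms (no .exe will open, but the same tool runs once renamed) are typical of a rogue scanner blocking executables by name or by hijacking the .exe file association. As an added check, not part of the thread or of any of the tools it names, this PowerShell script reads the two registry locations commonly involved and reports anything that looks hijacked; the tool file names it looks for are assumed, chosen because the thread mentions those tools.

```powershell
# Added example (not from the thread): look for the two registry hijacks that commonly
# stop .exe files or specific cleanup tools from launching. Run from an elevated
# PowerShell prompt on the affected Windows machine. It only reports; it changes nothing.

$findings = @()

# 1. The .exe file association. The default handler should be exactly  "%1" %*
#    Anything else means every .exe launch is being routed through another program.
$exeKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$exeHandler = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
if ($exeHandler -ne '"%1" %*') {
    $findings += "exefile handler is '$exeHandler' (expected '""%1"" %*')"
}

# 2. Image File Execution Options. A Debugger value under a program's file name makes
#    Windows start that "debugger" instead of the program, which is one way a rogue
#    scanner blocks cleanup tools by name (and why renaming the tool can get it to run).
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
# Assumed tool names, taken from the tools discussed in the thread plus two Windows utilities.
$tools = 'combofix.exe', 'mbam.exe', 'rkill.exe', 'hijackthis.exe', 'taskmgr.exe', 'regedit.exe'
foreach ($t in $tools) {
    $dbg = (Get-ItemProperty -Path (Join-Path $ifeo $t) -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO Debugger set for $t -> $dbg" }
}

# 3. Any other IFEO entry carrying a Debugger value is worth a look too: on a normal
#    machine such values exist only where someone deliberately attached a debugger.
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $d = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($d -and ($tools -notcontains $_.PSChildName)) {
        $findings += "IFEO Debugger on $($_.PSChildName) -> $d"
    }
}

if ($findings.Count -eq 0) {
    'No .exe association or IFEO hijack found'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

A reported finding tells you which mechanism is blocking the tools; it does not by itself remove the malware that set it, so the cleanup steps in the thread still apply.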

I ran it until it finished but there is nothing really in the log. It just says finished. I will try to get you a copy of the .txt file if it helps. I am having a hard time getting the logs from one computer to another.

If combofix prompts you to start the scan, go ahead and say yes and follow the instructions in the linky from the top.
You'll need to disable any AV / AntiSpy tools on the compy prior to running combofix. If you are unable to update it, no worries - run it anyway.

Let me know how you fare. I'll need to see the combofix log, if it is able to complete successfully.

Then it locks up. Is there a way to run this with norton still on? I have no clue how to remove that right now because it was endpoint security that was pushed out through our server and I am at home away from our server.

Now I have a bigger problem. My good computer that is on the same network cannot get on the internet anymore and only my infected computer can access the internet. What could I have done to my good terminal?

I just got the correct service pack of xp pro on my desktop. I drag and drop on the iexplorer.exe icon and nothing happens. According to the instructions it should start to scan.
Am I missing something?

I'm not sure what you are referring to - You don't want to install a service pack. We need the appropriate Recovery Console download for your machine.

Once the Recovery Console has been installed, you need to start combofix with this command: "%userprofile%\desktop\combofix.exe" /KillAll

I got everything to run and I have a .txt log. should I post it?

YES! :)
I definitely need to see that!

Shut down the good computer for the time being - in a lot of cases, it is easily possible to infect one compy while trying to clean a second one. Just shut it down for the time being.

If that is not an option, please start a new thread for the second computer and we'll work both at once. We'll need separate threads to avoid confusion.

-- Can you run MBAM on second compy?
-- What OS is second compy?
-- Do you have Windows CD / DVD for either computer?

I can get into safe mode and I can run MBAM. Do you need to see that log?

The second computer somehow managed to get a corrupt file in Norton Internet Security that was restricting my access to the internet. It must have been when I was transferring files back and forth. I pinged yahoo to see if it was connected and it was. I uninstalled norton and reinstalled and it appears to be good. I will start a new thread if I run into problems with that one.

Is there anyway to find out how I got this worm/virus? I would like to find a way to avoid this in the future. It was on one of my employees computers that this happened.

Not Quite! Still some baddies remaining - please do the following:
-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into ComboFix.exe just like this.

-- Let Combofix run as before and post me that log.

-- Then, update your MBAM and run the Full scan in Normal Windows Boot and post the log for me.

You had/have a healthy infestation of malware. Probably not from one source.
I imagine some was from "drive by" download of a rogue scanner.
The rootkit components are worrisome.

Honestly, in cases such as this, I usually recommend a reformat and reinstall of Windows. Especially on business computers with potentially sensitive data.
Even if all of the scanlogs show clean, you can never really be certain......

'Course, that isn't always a practical option. But, it is the only 100% effective option.

• Click Start > Run
• Type or Copy&Paste ComboFix /Uninstall into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK

This will remove Combofix and its components from your machine.
It will also reset your clock, re-hide System and Hidden Files and hide File Extensions.
Last, but certainly not least, doing this will reset System Restore.

I'd also like to look to see if there are other minor cleanup items - things we need to update (Adobe / Java etc...) that otherwise would pose security risks. The Vundo on your machine may well have been a result of outdated Java, for instance.

So, please do this:
-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.
- Please post Attach.txt as an attachment to your post - there is no need to Zip it. If you don’t know how to post an attachment, please Copy&Paste it along with the DDS.txt scanlog.